From 0a0d7c62137a7ed28b8047b18082d75de5d819ae Mon Sep 17 00:00:00 2001 From: sandeep Date: Mon, 14 Mar 2022 18:51:04 +0530 Subject: [PATCH] severity update for token templates --- exposures/tokens/generic/credentials-disclosure.yaml | 2 +- exposures/tokens/generic/general-tokens.yaml | 2 +- exposures/tokens/generic/jdbc-connection-string.yaml | 2 +- exposures/tokens/generic/jwt-token.yaml | 2 +- exposures/tokens/generic/shoppable-token.yaml | 2 +- file/keys/credential-exposure.yaml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/exposures/tokens/generic/credentials-disclosure.yaml b/exposures/tokens/generic/credentials-disclosure.yaml index 43ca0e555f..e9ecaee0bc 100644 --- a/exposures/tokens/generic/credentials-disclosure.yaml +++ b/exposures/tokens/generic/credentials-disclosure.yaml @@ -3,7 +3,7 @@ id: credentials-disclosure info: name: Credentials Disclosure Check author: Sy3Omda,forgedhallpass,geeknik - severity: info + severity: unknown description: Look for keys/tokens/passwords in HTTP responses, exposed keys/tokens/secrets requires manual verification for impact evaluation. tags: exposure,token,key,api,secret,password diff --git a/exposures/tokens/generic/general-tokens.yaml b/exposures/tokens/generic/general-tokens.yaml index 3c61211247..f52ed99c96 100644 --- a/exposures/tokens/generic/general-tokens.yaml +++ b/exposures/tokens/generic/general-tokens.yaml @@ -3,7 +3,7 @@ id: generic-tokens info: name: Generic Tokens author: nadino,geeknik - severity: info + severity: unknown tags: exposure,token,generic requests: diff --git a/exposures/tokens/generic/jdbc-connection-string.yaml b/exposures/tokens/generic/jdbc-connection-string.yaml index f339d70ee5..53cc0bba82 100755 --- a/exposures/tokens/generic/jdbc-connection-string.yaml +++ b/exposures/tokens/generic/jdbc-connection-string.yaml @@ -3,7 +3,7 @@ id: jdbc-connection-string info: name: JDBC Connection String Disclosure author: Ice3man - severity: info + severity: unknown tags: exposure,token requests: diff --git a/exposures/tokens/generic/jwt-token.yaml b/exposures/tokens/generic/jwt-token.yaml index 6d672a5367..7361152a77 100644 --- a/exposures/tokens/generic/jwt-token.yaml +++ b/exposures/tokens/generic/jwt-token.yaml @@ -3,7 +3,7 @@ id: jwt-token info: name: JWT Token Disclosure author: Ice3man - severity: info + severity: unknown tags: exposure,token requests: diff --git a/exposures/tokens/generic/shoppable-token.yaml b/exposures/tokens/generic/shoppable-token.yaml index 6128f1217d..12883090dd 100644 --- a/exposures/tokens/generic/shoppable-token.yaml +++ b/exposures/tokens/generic/shoppable-token.yaml @@ -3,7 +3,7 @@ id: shoppable-token info: name: Shoppable Service Auth Token author: philippedelteil - severity: info + severity: unknown reference: https://ask.shoppable.com/knowledge/quick-start-api-guide tags: exposure,shoppable,token,auth,service diff --git a/file/keys/credential-exposure.yaml b/file/keys/credential-exposure.yaml index 543b6f5325..94a0bd6093 100644 --- a/file/keys/credential-exposure.yaml +++ b/file/keys/credential-exposure.yaml @@ -13,7 +13,7 @@ id: credentials-disclosure-file info: name: Credentials Disclosure Check author: Sy3Omda,geeknik,forgedhallpass - severity: info + severity: unknown description: Look for multiple keys/tokens/passwords hidden inside of files. tags: exposure,token,file,disclosure